General
-
Target
a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f
-
Size
2.1MB
-
Sample
240415-nkngjsdb95
-
MD5
7a66daa76833055d3406a90cc1237eea
-
SHA1
d25f637a1afc130e119e8d0382d772ec509ae419
-
SHA256
a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f
-
SHA512
64b60c67e9c4c8a6fd0f8bde8022bc5d9aefebee689bd51efee9d477a23581b017ed00af4e8a8945581cddf6dacfd5fa2247ddf5a8c74d374accc5e8c6280bdf
-
SSDEEP
49152:+SUl6vD5DxN6HHLJ9tMVaYsJ5d9FxJbHnuPEebr1yr6Dj6QF4t:+SSwD5DxketsJ9JzuBbr1yr6CQF
Static task
static1
Behavioral task
behavioral1
Sample
a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-